EXECUTIVE SUMMARY: All tenants were completely isolated from each other on virtual servers, throughout the data center network, to core network VPNs.
One of cloud service customers’ main concerns is security in terms of isolation: If I can access this application, virtual machine or service from my network, who else can?
Firewalls are certainly a big part of the security story in the cloud, but at least for enterprise users, they are not sufficient. The service must be completely isolated from other services -- much like a VPN. In fact, VPNs, amongst other technologies such as VLANs and virtual switching instances, are used in Cisco’s Virtualized Multi-tenant Data Center (VMDC) reference architecture, which was leveraged for this test program. Since there are several ways to design the network, with countless combinations of how the various systems are configured, the architecture helped both to provide a reference for the test program, and to define conventions -- for example, how gold tenants will get firewall services, and how gold and silver tenants will get load-balancing services.
To verify tenant isolation we pulled out a legacy test methodology for MPLS VPNs. Using Ixia (Nasdaq: XXIA) virtual tools, we deployed 54 Ixia IxNetwork VMs -- one in each of the 54 tenants -- and attempted to transmit traffic in a full mesh. We expected 100 percent loss. In parallel, we sent traffic between each tenant and the outside core network, which we expected to pass, since it represents acceptable use. For this traffic, we defined a Cloud Traffic Profile of Layer 3 traffic resembling a series of realistically emulated applications, generated with Ixia hardware. In addition, we set up 24 more Ixia IxNetwork VMs to emulate normal traffic within the data center (so-called "east-west" traffic), sent in a full mesh pattern at 500 Mbit/s per VM. The 24 VMs were distributed across three UCS chassis -- each chassis configured as a single ESX cluster, eight blades per chassis, one Ixia VM per blade. The pie charts below show the traffic distribution toward the 54 tenants' users, which was also used for our QoS test. (See Tiered Cloud Services.)
After running all traffic configurations simultaneously for 209 seconds (each Ixia configuration ran in a separate system, and some ran longer), we correctly observed 100 percent loss on traffic between tenants and zero loss for traffic toward the customer. There was a very minor loss of 0.00014 percent on the traffic from the 24 Ixia IxNetwork VMs within the single tenant, traffic we had expected to pass. The team explained that it is possible to achieve a lossless virtual environment with software switching, but given all the services we were running for this test, plus the services for other tests still running in parallel, this was a very low amount of loss. Additionally, we pinged the different gold firewalls from different tenants' VMs, and correctly received responses only from those we were expected to be able to access.
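The pass/fail logic behind the results above, as an added example (not Ixia's or Cisco's own tooling): it assumes the generator's per-flow counters have been exported as source, destination, transmitted and received frames, and classifies each flow as inter-tenant (must see total loss), tenant-to-core (must see zero loss) or intra-tenant east-west (small loss tolerated), flagging anything that breaks the isolation policy. The tenant names, counters and tolerance are constructed values.

```python
"""Check full-mesh traffic results against a tenant-isolation policy.
Added example, not Ixia or Cisco code; flow records are assumed to be exported
as (source, destination, tx, rx) with tenant names or "core"; samples constructed.
"""
from dataclasses import dataclass

CORE = "core"
# Loss tolerated on east-west traffic inside one tenant (the test saw 0.00014%).
INTRA_TENANT_MAX_LOSS_PCT = 0.001


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    tx_frames: int
    rx_frames: int

    @property
    def loss_pct(self) -> float:
        if self.tx_frames == 0:
            return 0.0
        return 100.0 * (self.tx_frames - self.rx_frames) / self.tx_frames


def classify(flow: Flow) -> str:
    """Label a flow by whether it crosses a tenant boundary or reaches the core."""
    if CORE in (flow.src, flow.dst):
        return "tenant-core"
    return "intra-tenant" if flow.src == flow.dst else "inter-tenant"


def check_isolation(flows):
    """Return (flow, reason) pairs for every flow that violates the policy."""
    violations = []
    for f in flows:
        kind = classify(f)
        if kind == "inter-tenant" and f.rx_frames > 0:
            violations.append((f, f"leak: {f.rx_frames} frames crossed tenants"))
        elif kind == "tenant-core" and f.loss_pct > 0:
            violations.append((f, f"tenant-to-core loss {f.loss_pct:.5f}%"))
        elif kind == "intra-tenant" and f.loss_pct > INTRA_TENANT_MAX_LOSS_PCT:
            violations.append((f, f"east-west loss {f.loss_pct:.5f}% over tolerance"))
    return violations


# Constructed sample: silver1 -> gold1 leaks 3 frames; the other flows behave.
SAMPLE = [Flow("gold1", "silver1", 1000, 0), Flow("silver1", "gold1", 1000, 3),
          Flow("gold1", CORE, 1000, 1000), Flow("silver1", "silver1", 100000, 99999)]
```

Running `check_isolation(SAMPLE)` reports only the silver1-to-gold1 leak; a single received frame on an inter-tenant flow is a policy failure regardless of how small the percentage is.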